-/* $Cambridge: exim/src/src/transports/pipe.c,v 1.10 2006/02/21 16:24:20 ph10 Exp $ */
-
/*************************************************
* Exim - an Internet mail transport agent *
*************************************************/
-/* Copyright (c) University of Cambridge 1995 - 2006 */
+/* Copyright (c) University of Cambridge 1995 - 2009 */
/* See the file NOTICE for conditions of use and distribution. */
#include "../exim.h"
#include "pipe.h"
-#ifdef HAVE_LOGIN_CAP
+#ifdef HAVE_SETCLASSRESOURCES
#include <login_cap.h>
#endif
(void *)offsetof(pipe_transport_options_block, escape_string) },
{ "freeze_exec_fail", opt_bool,
(void *)offsetof(pipe_transport_options_block, freeze_exec_fail) },
+ { "freeze_signal", opt_bool,
+ (void *)offsetof(pipe_transport_options_block, freeze_signal) },
{ "ignore_status", opt_bool,
(void *)offsetof(pipe_transport_options_block, ignore_status) },
{ "log_defer_output", opt_bool | opt_public,
(void *)offsetof(pipe_transport_options_block, message_suffix) },
{ "path", opt_stringptr,
(void *)offsetof(pipe_transport_options_block, path) },
+ { "permit_coredump", opt_bool,
+ (void *)offsetof(pipe_transport_options_block, permit_coredump) },
{ "pipe_as_creator", opt_bool | opt_public,
(void *)offsetof(transport_instance, deliver_as_creator) },
{ "restrict_to_path", opt_bool,
(void *)offsetof(pipe_transport_options_block, umask) },
{ "use_bsmtp", opt_bool,
(void *)offsetof(pipe_transport_options_block, use_bsmtp) },
- #ifdef HAVE_LOGIN_CAP
+ #ifdef HAVE_SETCLASSRESOURCES
{ "use_classresources", opt_bool,
(void *)offsetof(pipe_transport_options_block, use_classresources) },
#endif
60*60, /* timeout */
0, /* options */
FALSE, /* freeze_exec_fail */
+ FALSE, /* freeze_signal */
FALSE, /* ignore_status */
+ FALSE, /* permit_coredump */
FALSE, /* restrict_to_path */
FALSE, /* timeout_defer */
FALSE, /* use_shell */
/* Called for each delivery in the privileged state, just before the uid/gid
are changed and the main entry point is called. In a system that supports the
login_cap facilities, this function is used to set the class resource limits
-for the user.
+for the user. It may also re-enable coredumps.
Arguments:
tblock points to the transport instance
errmsg = errmsg;
ob = ob;
-#ifdef HAVE_LOGIN_CAP
+#ifdef HAVE_SETCLASSRESOURCES
if (ob->use_classresources)
{
struct passwd *pw = getpwuid(uid);
}
#endif
+#ifdef RLIMIT_CORE
+if (ob->permit_coredump)
+ {
+ struct rlimit rl;
+ rl.rlim_cur = RLIM_INFINITY;
+ rl.rlim_max = RLIM_INFINITY;
+ if (setrlimit(RLIMIT_CORE, &rl) < 0)
+ {
+#ifdef SETRLIMIT_NOT_SUPPORTED
+ if (errno != ENOSYS && errno != ENOTSUP)
+#endif
+ log_write(0, LOG_MAIN,
+ "delivery setrlimit(RLIMIT_CORE, RLIM_INFINITY) failed: %s",
+ strerror(errno));
+ }
+ }
+#endif
+
return OK;
}
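Review bot: The new `permit_coredump` block raises both the soft and the hard `RLIMIT_CORE` to `RLIM_INFINITY` for the delivery child, but nothing at the call site records what that exposes. A core file from a pipe command can hold the message being delivered and the command's environment, and with no size cap it can fill whichever filesystem the command runs in. I would add a comment above the `if (ob->permit_coredump)` test such as `/* Debugging aid: cores may contain message data and are not size-limited; leave unset in normal operation. */`. The errno filter only applies when `SETRLIMIT_NOT_SUPPORTED` is defined, so a one-line comment explaining that macro would also help. The function body starts outside this hunk.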
while ((rc = read(fd_out, big_buffer, big_buffer_size)) > 0)
{
if (addr->return_file >= 0)
- write(addr->return_file, big_buffer, rc);
+ if(write(addr->return_file, big_buffer, rc) != rc)
+ DEBUG(D_transport) debug_printf("Problem writing to return_file\n");
count += rc;
if (count > ob->max_output)
{
- uschar *message = US"\n\n*** Too much output - remainder discarded ***\n";
DEBUG(D_transport) debug_printf("Too much output from pipe - killed\n");
if (addr->return_file >= 0)
- write(addr->return_file, message, Ustrlen(message));
+ {
+ uschar *message = US"\n\n*** Too much output - remainder discarded ***\n";
+ rc = Ustrlen(message);
+ if(write(addr->return_file, message, rc) != rc)
+ DEBUG(D_transport) debug_printf("Problem writing to return_file\n");
+ }
killpg(pid, SIGKILL);
break;
}
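Review bot: A failed or short `write()` to `return_file` is reported only through `DEBUG(D_transport)`, so with debugging off the returned output can be truncated without any trace, and the message does not say why. Where `write()` returned -1 the cause should be included, for example `debug_printf("Problem writing to return_file: %s\n", strerror(errno));`. It is also worth considering whether this belongs in the main log rather than debug output only. The unbraced `if (addr->return_file >= 0)` followed by `if(write(...) != rc)` and then `DEBUG(...)` stacks conditionals without braces; bracing the outer `if` would protect against a later `else` binding to the wrong test. Reusing `rc` for `Ustrlen(message)` overwrites the read count, which looks harmless only because `break` follows, and the `while` loop closes outside this hunk.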
"transport: %s%s", tblock->name, strerror(errno), tmsg);
}
+ /* Since the transport_filter timed out we assume it has sent the child process
+ a malformed or incomplete data stream. Kill off the child process
+ and prevent checking its exit status as it will has probably exited in error.
+ This prevents the transport_filter timeout message from getting overwritten
+ by the exit error which is not the cause of the problem. */
+
+ else if (transport_filter_timed_out)
+ {
+ killpg(pid, SIGKILL);
+ kill(outpid, SIGKILL);
+ }
+
/* Either the process completed, but yielded a non-zero (necessarily
positive) status, or the process was terminated by a signal (rc will contain
the negation of the signal number). Treat killing by signal as failure unless
- status is being ignored. */
+ status is being ignored. By default, the message is bounced back, unless
+ freeze_signal is set, in which case it is frozen instead. */
else if (rc < 0)
{
- if (!ob->ignore_status)
+ if (ob->freeze_signal)
+ {
+ addr->transport_return = DEFER;
+ addr->special_action = SPECIAL_FREEZE;
+ addr->message = string_sprintf("Child process of %s transport (running "
+ "command \"%s\") was terminated by signal %d (%s)%s", tblock->name, cmd,
+ -rc, os_strsignal(-rc), tmsg);
+ }
+ else if (!ob->ignore_status)
{
addr->transport_return = FAIL;
addr->message = string_sprintf("Child process of %s transport (running "
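Review bot: The new `transport_filter_timed_out` branch calls `killpg(pid, SIGKILL)` and `kill(outpid, SIGKILL)` without checking either result. It sits in the same else-if chain that the following comment describes as already holding the child's exit status in `rc`. If the child has been waited for by then, `pid` may no longer refer to it, so the comment should state why signalling is still safe here, or the kill should happen before the status is collected. The added comment also has a typo ("as it will has probably exited"). Separately, `ob->freeze_signal` is tested before `!ob->ignore_status`, so a signal-terminated command is frozen even when `ignore_status` is set; a comment such as `/* freeze_signal takes precedence over ignore_status */` would make that explicit. The enclosing block continues past the end of this hunk.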